mail delivery via alternate IP gateway

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

mail delivery via alternate IP gateway

Luigi Rosa
Given a Linux server with three network cards:

        eth0: 192.168.1.1 (local LAN)
        eth1: 20.20.20.20 (default GW, hi speed Internet, dynamic address)
        eth2: 30.30.30.30 (Internet, reserved to e-mail, static address)

This server is the default gateway of the organization and NATs the local
addresses via 20.20.20.20. Al traffic must go through 20.20.20.20 EXECPT e-mail
that should go through 30.30.30.30.

Binding Postfix (via inet_interfaces directive) to 192.168.1.1 and 30.30.30.30
(and localhost) will be enough to tell Postfix to deliver mail via 30.30.30.30
and NOT via the system default gateway 20.20.20.20?


Thank you in advance.


Ciao,
luigi

--
/
+--[Luigi Rosa]--
\

James Bond: Are these pictures live?
M: Unlike the Americans, we prefer not to get our bad news from CNN.
     --"007 Goldeneye"

Reply | Threaded
Open this post in threaded view
|

Re: mail delivery via alternate IP gateway

Michal Soltys-2
Luigi Rosa wrote:

> Given a Linux server with three network cards:
>
>     eth0: 192.168.1.1 (local LAN)
>     eth1: 20.20.20.20 (default GW, hi speed Internet, dynamic address)
>     eth2: 30.30.30.30 (Internet, reserved to e-mail, static address)
>
> This server is the default gateway of the organization and NATs the
> local addresses via 20.20.20.20. Al traffic must go through 20.20.20.20
> EXECPT e-mail that should go through 30.30.30.30.
>
> Binding Postfix (via inet_interfaces directive) to 192.168.1.1 and
> 30.30.30.30 (and localhost) will be enough to tell Postfix to deliver
> mail via 30.30.30.30 and NOT via the system default gateway 20.20.20.20?
>
>

You will need smtp_bind_address in main.cf for that purpose. Depending
on your configuration need, you could create extra service in master.cf
as well, example:

smtp-external   unix    -       -       y       -       -       smtp
         -o smtp_bind_address=30.30.30.30

and then in main.cf:

default_transport=smtp-external


Don't forget about relay service definition either, as it's smtp as
well, and uses global smtp_bind_address, unless explicitely overridden
in master.cf

Reply | Threaded
Open this post in threaded view
|

Re: mail delivery via alternate IP gateway

Luigi Rosa
Michal Soltys said the following on 31/07/08 08:41:

> You will need smtp_bind_address in main.cf for that purpose. Depending
> on your configuration need, you could create extra service in master.cf
> as well, example:

Thank you, Michal!



Ciao,
luigi

--
/
+--[Luigi Rosa]--
\

I got the bill for my surgery.
Now I know what those doctors were wearing masks for.
     --James Boren
Reply | Threaded
Open this post in threaded view
|

Re: mail delivery via alternate IP gateway

mouss-2
In reply to this post by Michal Soltys-2
Michal Soltys wrote:

> Luigi Rosa wrote:
>> Given a Linux server with three network cards:
>>
>>     eth0: 192.168.1.1 (local LAN)
>>     eth1: 20.20.20.20 (default GW, hi speed Internet, dynamic address)
>>     eth2: 30.30.30.30 (Internet, reserved to e-mail, static address)
>>
>> This server is the default gateway of the organization and NATs the
>> local addresses via 20.20.20.20. Al traffic must go through
>> 20.20.20.20 EXECPT e-mail that should go through 30.30.30.30.
>>
>> Binding Postfix (via inet_interfaces directive) to 192.168.1.1 and
>> 30.30.30.30 (and localhost) will be enough to tell Postfix to deliver
>> mail via 30.30.30.30 and NOT via the system default gateway 20.20.20.20?
>>
>>
>
> You will need smtp_bind_address in main.cf for that purpose. Depending
> on your configuration need, you could create extra service in master.cf
> as well, example:
>
> smtp-external   unix    -       -       y       -       -       smtp
>         -o smtp_bind_address=30.30.30.30
>
> and then in main.cf:
>
> default_transport=smtp-external
>
>
> Don't forget about relay service definition either, as it's smtp as
> well, and uses global smtp_bind_address, unless explicitely overridden
> in master.cf
>



binding postfix will set the IP in the packets, but it won't change the
network routes (by default, routing is done by destination). so you also
need to play with "advanced" routing to make sure the packets go out of
eth2. this is linux question.

Reply | Threaded
Open this post in threaded view
|

Re: mail delivery via alternate IP gateway

Luigi Rosa
mouss said the following on 31/07/08 09:02:

> so you also
> need to play with "advanced" routing to make sure the packets go out of
> eth2.

Such as?

I just need a hint on what I have to search in the documentation, either Postfix
or Linux. What do you mean with "advanced" routing?


Ciao,
luigi

--
/
+--[Luigi Rosa]--
\

Are you out of your damn Vulcan mind, Spock?
Reply | Threaded
Open this post in threaded view
|

Re: mail delivery via alternate IP gateway

MrC-7
Luigi Rosa wrote:

> mouss said the following on 31/07/08 09:02:
>
>> so you also need to play with "advanced" routing to make sure the
>> packets go out of eth2.
>
> Such as?
>
> I just need a hint on what I have to search in the documentation, either
> Postfix or Linux. What do you mean with "advanced" routing?
>

Hint: iproute2

http://lartc.org/howto/index.html

>
> Ciao,
> luigi
>
Reply | Threaded
Open this post in threaded view
|

Re: mail delivery via alternate IP gateway

Michal Soltys-2
In reply to this post by Luigi Rosa
Luigi Rosa wrote:

> mouss said the following on 31/07/08 09:02:
>
>> so you also need to play with "advanced" routing to make sure the
>> packets go out of eth2.
>
> Such as?
>
> I just need a hint on what I have to search in the documentation, either
> Postfix or Linux. What do you mean with "advanced" routing?
>
>

Apart from lartc:

http://linux-ip.net/html/
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html

Offtopic note: both lartc and policy routing book can be quite dated in
some of its contents, particulary lartc in scheduling section - if you
gonna dwell in that one in future, be sure to check
http://ace-host.stuart.id.au/russell/files/tc/doc/ for more current and
valid reference (esp. u32).
Reply | Threaded
Open this post in threaded view
|

Re: mail delivery via alternate IP gateway

Aaron Wolfe
In reply to this post by Michal Soltys-2


On Thu, Jul 31, 2008 at 2:41 AM, Michal Soltys <[hidden email]> wrote:
Luigi Rosa wrote:
Given a Linux server with three network cards:

   eth0: 192.168.1.1 (local LAN)
   eth1: 20.20.20.20 (default GW, hi speed Internet, dynamic address)
   eth2: 30.30.30.30 (Internet, reserved to e-mail, static address)

This server is the default gateway of the organization and NATs the local addresses via 20.20.20.20. Al traffic must go through 20.20.20.20 EXECPT e-mail that should go through 30.30.30.30.

Binding Postfix (via inet_interfaces directive) to 192.168.1.1 and 30.30.30.30 (and localhost) will be enough to tell Postfix to deliver mail via 30.30.30.30 and NOT via the system default gateway 20.20.20.20?



You will need smtp_bind_address in main.cf for that purpose. Depending on your configuration need, you could create extra service in master.cf as well, example:

smtp-external   unix    -       -       y       -       -       smtp
       -o smtp_bind_address=30.30.30.30

and then in main.cf:

default_transport=smtp-external

This will cause the source IP to be 30.30.30.30, but I don't think this will necessarily cause packets bound for external hosts to to use a particular gateway, which sounds like what the op is after.  AFAIK postfix does not get involved in IP routing. Maybe I am wrong, but I think you will still need to make sure traffic with this source IP gets routed via the correct gateway using some other means, for instance iproute can do this with policy routes in linux.  In fact, with policy routing you could cause all SMTP to use a particular gateway without needing a separate IP address for it at all.
 


Don't forget about relay service definition either, as it's smtp as well, and uses global smtp_bind_address, unless explicitely overridden in master.cf